Acceptable Use Policy

You may not use the Service to:

• Send unsolicited bulk messages to consumers (B2C cold email or B2C cold SMS) without their prior consent.
• Send communications that misrepresent the sender, the message, or the offer.
• Target sectors that prohibit cold outreach in your jurisdiction (e.g., consumer financial services to retail consumers in many jurisdictions, healthcare to patients).
• Scrape or store data from any source that prohibits scraping in its Terms of Service.
• Collect data on individuals you do not have a lawful basis to process.
• Submit fake form submissions or harass any business through repeated automated inquiries.
• Record telephone calls without obtaining all required consents under applicable law (see §3).
• Send communications promoting illegal goods or services, hate, harassment, sexual content involving minors, weapons, or violence.
• Send any message that would violate CAN-SPAM (US), CASL (Canada), GDPR ePrivacy / PECR (EU/UK), the Spam Act 2003 (AU), or any other applicable anti-spam law.
• Use the Service to compete with us or to clone the Service.

ProofStack is intended for B2B (business-to-business) outreach. You are responsible for ensuring every message you send complies with all applicable laws, including:

• Accurate, non-deceptive subject lines and sender identification.
• A physical postal address in every commercial email (CAN-SPAM, CASL).
• A working opt-out mechanism and honoring opt-outs within 10 business days (CAN-SPAM) or sooner.
• For EU/UK recipients: a lawful basis (legitimate interest, with a clear interest balancing test, is typical for B2B; consult counsel).
• For consumer recipients anywhere: do not send via this Service without prior opt-in.

The mystery-shop feature submits inquiries to a target business and may capture inbound phone callbacks (recordings + transcripts) via tracking numbers you provision through GoHighLevel or another provider.

You are responsible for:

• Complying with all federal and state wiretap and call-recording laws. Two-party (all-party) consent jurisdictions include California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, and Washington. If your tracking number is in or routes a call to any of those, ensure all parties consent.
• Configuring your tracking numbers with appropriate disclosure greetings where required (e.g., "This call may be recorded").
• Using mystery-shop data only for the legitimate audit purpose for which it was collected — not for misuse, harassment, or sale.
• Not impersonating real people in your mystery-shop submissions. Use a generic placeholder identity (e.g., "Sarah Lee") clearly distinct from any real person.

[Lawyer: this section is high-risk. Consider stronger client-acknowledgment / clickwrap before enabling the mystery-shop feature in the product.]

You may not direct ProofStack to scrape any website, app, or platform that explicitly prohibits automated access in its Terms of Service. You acknowledge that some integrations (e.g., Apify, BrightData) source data via methods that some platforms may treat as a violation of their own terms. Your use of those sources is your responsibility; we make no representation about the lawfulness of any third-party scraping.

You may not:

• Attempt to access another customer's data or workspace.
• Probe, scan, or test the vulnerability of the Service without our prior written authorization.
• Send so many requests in such a short window that they could be reasonably considered an attempted denial-of-service.
• Reverse engineer the Service, except to the extent expressly permitted by applicable law.
• Use the Service to send malware, phishing, or fraudulent communications.

The Service uses third-party AI providers (Anthropic, Perplexity) to generate personalized message openings, transcript summaries, and other content. AI outputs may be inaccurate or misleading; you are responsible for reviewing every AI-generated message before sending it. Do not represent AI-generated content as being authored by a human in contexts where law requires disclosure (e.g., political ads in some jurisdictions).

If you believe someone is using ProofStack in violation of this AUP, report it to abuse@xpanddigital.io. We investigate every credible report.

We may, with or without notice (depending on severity):

• Throttle or suspend specific features.
• Suspend the affected workspace.
• Terminate the account.
• Refer the matter to law enforcement.
• Pursue any other remedy available at law or equity.

We update this AUP periodically. Continued use after the effective date constitutes acceptance.